Topology-Hiding Connectivity-Assurance for QKD Inter-Networking

TL;DR

This paper presents a cryptographic protocol that guarantees secure, topology-hiding connectivity proofs in QKD networks, enhancing trust without revealing internal network structure.

Contribution

It introduces a novel topology-hiding connectivity assurance protocol using extended graph-signature techniques for QKD networks.

Findings

Supports multi-graph and hidden endpoint scenarios.

Enables zero-knowledge proofs of secure connectivity.

Facilitates certification of multiple disjoint paths.

Abstract

While QKD ensures information-theoretic security at the link level, real-world deployments depend on trusted repeaters, creating potential vulnerabilities. In this paper, we thus introduce a topology-hiding connectivity assurance protocol to enhance trust in quantum key distribution (QKD) network infrastructures. Our protocol allows network providers to jointly prove the existence of a secure connection between endpoints without revealing internal topology details. By extending graph-signature techniques to support multi-graphs and hidden endpoints, we enable zero-knowledge proofs of connectivity that ensure both soundness and topology hiding. We further discuss how our approach can certify, e.g., multiple disjoint paths, supporting multi-path QKD scenarios. This work bridges cryptographic assurance methods with the operational requirements of QKD networks, promoting verifiable and privacy-preserving inter-network connectivity.